BenChapman | morning | 10:06 |
---|---|---|
BenChapman | Does anyone know any good resources on how to configure IPTables correctly on a server? (best practice, how to allow outgoing connections securely etc) | 10:16 |
ebel | well mostly it's easy enough | 10:19 |
BenChapman | ebel: until you lock yourself out ;) | 10:20 |
ebel | i mean most of the time it's "block everything except this port and that port" | 10:20 |
BenChapman | and outgoing wise? Block everything except 53 and established? | 10:21 |
ebel | ah yes that can happen. | 10:21 |
ebel | Do you have IPv6 (on your machine & something you can log into machine with)? | 10:21 |
BenChapman | sadly, no. In neither case do I have IPv6 | 10:21 |
BenChapman | Though, now on rackspace. | 10:21 |
ebel | then you can just do ipv4 iptables willy nilly. if you lock yourself out, then connect over ipv6 :) | 10:21 |
BenChapman | which is awesome | 10:21 |
BenChapman | No, I can't... I *don't* have v6 acces | 10:22 |
BenChapman | s | 10:22 |
ebel | ah well | 10:22 |
* ebel should really be careful about giving advice here, since he's not very good at iptables... :P | 10:22 | |
BenChapman | lol | 10:23 |
BenChapman | also I'd want to protect v6 anyway | 10:23 |
ebel | yes you should protect ipv6 & 4. but it's handy to do them out of sync, so you can go in via one if you feck up the other, etc. | 10:24 |
ebel | also slashtommy knows a bit about this | 10:27 |
ebel | or someone on #tog might know | 10:28 |
slashtommy | be careful, you should always have console access available | 10:48 |
slashtommy | all good ISPs provide this | 10:48 |
tdr112 | BenChapman: while testing you should set up a cron job to clear your tables every half an hour | 11:00 |
tdr112 | that will stop you getting locked out | 11:00 |
tdr112 | a few weeks ago i worked for about a day getting my head around iptables for my servers | 11:00 |
tdr112 | and the cron job makes your life a lot better | 11:01 |
slashtommy | btw, when is this next irc meeting? | 11:01 |
czajkowski | aloha | 11:08 |
slashtommy | good morning | 11:10 |
tdr112 | i think it's the 17th | 11:12 |
BenChapman | slashtommy: I do indeed have console access :) | 11:12 |
BenChapman | got a nice mozilla t-shirt last night at the mozilla meetup | 12:12 |
tdr112 | BenChapman: many at it ? | 12:13 |
BenChapman | loads actually, I'd say around 50-60 | 12:14 |
tdr112 | wow that's great | 12:14 |
BenChapman | yup | 12:14 |
ebel | wow, cool | 12:16 |
tdr112 | i would think it's hard to turn all them into devs to work on ff | 12:17 |
BenChapman | tdr112: not the idea of those meetups ( though some of the talks were highly technical ) | 12:29 |
BenChapman | technical problems with skype: on unity when it goes into the background there's no way for me to call it up again | 12:44 |
czajkowski | ebel: sorting your typing break issue also | 13:08 |
* slashtommy is signed up to his first formal conference as an antedee, next week | 13:25 | |
slashtommy | attendee* | 13:25 |
ebel | czajkowski: oh? cool | 13:46 |
czajkowski | yeah it's still there | 13:53 |
czajkowski | and there are also other alternatives | 13:53 |
czajkowski | but they may see if they can bring it in from debian | 13:53 |
ebel | ah cool. | 13:54 |
czajkowski | :) | 13:56 |
czajkowski | UDS-P Day 3 http://www.lczajkowski.com/2011/11/03/uds-p-day-3/ | 14:08 |
=== Pendulum_ is now known as Pendulum |